curl-library

Re: Curl Certificate Verification CRLs and OCSP

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 25 Jan 2010 21:25:49 +0100 (CET)

On Mon, 25 Jan 2010, Mr Ronny Liu wrote:

> Hello, I have read through some mailing list entries and the
> curl_easy_setopt man page. I notice that curl supports CRL (as of 7.19.0),
> however I do not see anything about OCSP. Am I correct in assuming that OCSP
> is not supported by curl at the moment (specifically for ftps connections)?

That is correct. Until your mail here I didn't even know OCSP existed.

> I notice that openssl has support of OCSP. However, this does not help to
> validate the connection while curl is executing. Is there a way to pass in
> the openssl command into libcurl to do this (I doubt it but just hoping I
> missed something)? Thanks.

No, that's not possible. libcurl doesn't do "openssl commands", it uses the
OpenSSL API.

To get libcurl to do OCSP we must add that support to the library, and if
OpenSSL provides the functionality I figure it should be too hard.

-- 
  / daniel.haxx.se
Received on 2010-01-25